Debt Collection and GDPR

March 19, 2018

You may have heard of a slight change to the law in how businesses go about using and securing their customers’ data. The catchily-named GDPR, or General Data Protection Regulation, is an EU law intended to safeguard the public's online details.


It comes down to restricting businesses from sharing email addresses and other details of their clients, and when you sign up to something the ‘do you want to receive emails from us’ tick box must be clearly and straightforwardly written. You might soon find yourself receiving emails from companies asking if you still want to hear from them because if they contact you after 25th May without your consent, they will be breaking the law.


It all sounds great from a consumer perspective but it has also been a cause for concern for businesses. When it comes to chasing invoices, businesses have been wondering how GDPR will affect their right to employ a debt collection agency as they will need to pass on a client’s details in order for them to work together effectively.


Denise Parkinson of Cash Protection Agency; a debt collection and credit control firm, says that there is no need to worry about the affect this might have on your cash flow, just as long as you are prepared.


Here are the main aspects of GDPR:

  • Consent needs to be clear and accessible and should be as easy to withdraw as it is to give

  • Data breaches will need to be notified to the regulator within a 72-hour window and to customers ‘without any undue delay’

  • Customers have a Right to Access a copy of their personal data free of charge

  • Customers have a Right to be Forgotten and have their data erased when the data is no longer relevant or the customer withdraws consent

  • Data must be Portable and received in a format that can be sent elsewhere

  • Privacy by Design means data protection must be included from the onset of the designing of systems, rather than an addition, and calls for controllers to hold and process only the data absolutely necessary for the completion of its duties

To prepare then, it’s advisable to inform your customers that their data may be shared with debt collection agencies only when essential and within reasonable circumstances. It is of legitimate interest to the livelihood of a business to pass customer details on to a third party in some cases.

Be clear and concise; tell them how many attempts to receive payment it will take before getting another company involved.


Keep a record of these terms and conditions as and when you send them out to your clients.

Also keep records of dates and times when you have contacted them for payment along with notes as to how the conversation went.


The Government may carry out spot checks so it will work in your favour if they see you have proof that you have been actively taking measures to comply with GDPR.


It’s important to be open, honest and communicate effectively with your clients and the agencies you work with.


Visit these sites for more information, advice and guidance: The Government's New Data Protection BillEUGDPR, ICO, ITGovernance, GDPR-Info.

Please reload

Recent Posts

November 7, 2019

November 7, 2019

Please reload

Please reload